diff --git a/docs/images/kernel-2.6.16-1.png b/docs/images/kernel-2.6.16-1.png new file mode 100644 index 000000000..9195207ad Binary files /dev/null and b/docs/images/kernel-2.6.16-1.png differ diff --git a/docs/images/kernel-2.6.16-2.png b/docs/images/kernel-2.6.16-2.png new file mode 100644 index 000000000..2c20aee80 Binary files /dev/null and b/docs/images/kernel-2.6.16-2.png differ diff --git a/docs/kernel.xml b/docs/kernel.xml index 5ac789ee5..e51a38017 100644 --- a/docs/kernel.xml +++ b/docs/kernel.xml @@ -243,4 +243,23 @@ CONFIG_BRIDGE_NF_EBTABLES=m + +
+ Kernel 2.6.16 and Later Netfilter Options + + Here's a screenshot of my modularized 2.6.16 Kernel config + (Navigation: Networking → Networking Options → Network Packet Filtering + (replaces ipchains) → Core Netfilter configuration): + + + + Note that is is particularly important to select "Netfilter Xtables + support (required for ip_tables). + + Here's a screenshot of the IP Netfilter config (Navigation: + Networking → Networking Options → Network Packet Filtering (replaces + ipchains) → IP: Netfilter configuration): + + +
\ No newline at end of file diff --git a/docs/starting_and_stopping_shorewall.xml b/docs/starting_and_stopping_shorewall.xml index 6937fe954..644ceecbc 100644 --- a/docs/starting_and_stopping_shorewall.xml +++ b/docs/starting_and_stopping_shorewall.xml @@ -672,7 +672,7 @@ clear - shorewall clear + shorewall[-lite] clear Clear will remove all rules and chains installed by Shorewall. The firewall is then wide open and unprotected. Existing connections @@ -792,7 +792,7 @@ dump - shorewall[-lite] [ -x ] dump + shorewall[-lite] dump Produce a verbose report about the firewall. @@ -919,7 +919,7 @@ refresh (Not supported by Shorewall Lite) - shorewall [ -q ] refresh + shorewall refresh The rules involving the broadcast addresses of firewall interfaces, the black list and ECN control rules are recreated to @@ -996,7 +996,7 @@ restart - shorewall[-lite] [ -q ] restart + shorewall[-lite] restart <configuration-directory> Restart is similar to shorewall stop @@ -1010,7 +1010,7 @@ restore - shorewall[-lite] [ -q ] restore [ <filename> + shorewall[-lite] restore [ <filename> ] Restore Shorewall to a state saved using the @@ -1030,7 +1030,7 @@ safe-restart (Not supported by Shorewall Lite) - shorewall [ -q ] safe-restart [ <filename> + shorewall safe-restart [ <filename> ] Only allowed if Shorewall is running. The current @@ -1049,7 +1049,7 @@ safe-start (Not supported by Shorewall Lite) - shorewall [ -q ] safe-start [ <filename> + shorewall safe-start [ <filename> ] Shorewall is started normally. You will then be prompted 
@@ -1082,27 +1082,25 @@ show - shorewall [ -x ] show actions (Not supported by - Shorewall Lite) — produces a list of actions available on - the system. + shorewall show actions (Not supported by Shorewall + Lite) — produces a list of actions available on the + system. - shorewall[-lite] [ -x ] show [ <chain> [ - <chain> ...] - |classifiers|connections|log|nat|tc|tos] + shorewall[-lite] show [ <chain> [ <chain> + ...] |classifiers|connections|log|nat|tc|tos] - shorewall[-lite] [ -x ] show <chain> [ - <chain> ... ] - produce a verbose report about the - Netfilter chain(s). (iptables -L chain -n + shorewall[-lite] show <chain> [ <chain> + ... ] - produce a verbose report about the Netfilter + chain(s). (iptables -L chain -n -v) + + shorewall[-lite] show mangle - produce a + verbose report about the mangle table. (iptables -t mangle + -L -n -v) + + shorewall[-lite] show nat - produce a + verbose report about the nat table. (iptables -t nat -L -n -v) - shorewall[-lite] [ -x ] show mangle - - produce a verbose report about the mangle table. (iptables - -t mangle -L -n -v) - - shorewall[-lite] [ -x ] show nat - produce - a verbose report about the nat table. (iptables -t nat -L - -n -v) - shorewall[-lite] show [- m ] log - display the last 20 packet log entries. The '-m' option is available in Shorewall version 3.2.0 Beta5 and later and causes the MAC address @@ -1139,7 +1137,7 @@ start - shorewall[-lite] [ -q ] [ -f ] start [ + shorewall[-lite] [ -f ] start [ <configuration-directory> ] Start shorewall. Existing connections through shorewall
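Review bot: in the docs/kernel.xml hunk, the added sentence "Note that is is particularly important to select "Netfilter Xtables support (required for ip_tables)." has a doubled "is" and an opening quotation mark that is never closed. Suggested wording: Note that it is particularly important to select "Netfilter Xtables support" (required for ip_tables). The hunk is also followed by "\ No newline at end of file", so the trailing newline should be restored in docs/kernel.xml.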
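Review bot: in the restart hunk (@@ -996,7 +996,7 @@) of docs/starting_and_stopping_shorewall.xml, the synopsis reads "shorewall[-lite] restart <configuration-directory>" with the directory unbracketed, while the start synopsis in the last hunk writes "[ <configuration-directory> ]". If the argument is optional for restart too, bracket it here so the two synopses agree; if it really is mandatory, the description below should say so.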
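Review bot: in the show hunk (@@ -1082,27 +1082,25 @@), the reflowed combined synopsis still lists only "classifiers|connections|log|nat|tc|tos", although "shorewall[-lite] show mangle" gets its own entry a few lines further down. Since these lines are being rewritten anyway, add mangle to the alternatives. The unchanged context line "shorewall[-lite] show [- m ] log" also spaces the option as "- m" while its description writes '-m'; worth fixing in the same pass.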
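Review bot: the start hunk (@@ -1139,7 +1137,7 @@) drops "[ -q ]" from the synopsis but keeps "[ -f ]", so the synopses no longer treat options consistently. The dump, refresh, restart, restore, safe-restart, safe-start and show hunks likewise remove "[ -q ]" or "[ -x ]", and nothing added in this patch says where those options are described instead. If the commands still accept them, add a sentence pointing to where the options are documented; if "-f" stays because it is specific to start, say that in the start description.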